Description
An out-of-bounds read vulnerability has been found in Open Babel up to 3.1.1. It affects the function OpenBabel::transform3d::DescribeAsString in the file src/math/transform3d.cpp, part of the CIF File Handler component. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 3.2.0 is sufficient to fix this issue. The patch identifier is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. Installing the patch is recommended.
References (12)
Core References (12)

Permissions Required, VDB Entry (vdb-entry, technical-description)
https://vuldb.com/?id.346650

Permissions Required, VDB Entry (signature, permissions-required)
https://vuldb.com/?ctiid.346650

Permissions Required, VDB Entry (third-party-advisory)
https://vuldb.com/?submit.754378

Vdb Entry, Technical Description (vdb-entry, technical-description): VDB-346650 | Open Babel CIF File transform3d.cpp DescribeAsString out-of-bounds
https://vuldb.com/vuln/346650

Signature, Permissions Required (signature, permissions-required): VDB-346650 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/346650/cti

Third Party Advisory (third-party-advisory): Submit #754378 | openbabel master-branch Heap-based Buffer Overflow
https://vuldb.com/submit/754378

Issue Tracking (issue-tracking)
https://github.com/openbabel/openbabel/issues/2848

Issue Tracking (issue-tracking, patch)
https://github.com/openbabel/openbabel/pull/2862

Various Sources (exploit)
https://github.com/oneafter/0128/blob/main/ob1/repro.cif

Scores
CVSS v3: 4.3
EPSS: 0.0073
EPSS Percentile: 49.2%
Attack Vector: NETWORK (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial

Details
CWE: CWE-119, CWE-125
Status: published

Products (4)
None/Open Babel 3.1.0
None/Open Babel 3.1.1
None/Open Babel 3.2.0
openbabel/open_babel < 3.1.1

Published: Feb 19, 2026
Tracked Since: Feb 19, 2026